Unconfigured Ad Widget

Collapse

Can I enable older TLS or ciphers in browser?

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1
    high_revs
    CGN/CGSSA Contributor
    CGN Contributor
    • Feb 2006
    • 7568

    Can I enable older TLS or ciphers in browser?

    Seems either windows 11 or the browser updates upgraded the ciphers. i have a old maybe 12-13 year old but highly functioning Netgear READYNAS device. There are no more updates to it for years and I just accept the risks each time I need to access the admin console. Last I came across this (work) re-enabling old ciphers were at the firewall level. TLS - it was at the product level.

    There are no changes or even restart to my router. Either only windows or Chrome/Opera updated. (Firefox seems to still work). I can't find the right article if this is possible - enabling older ciphers or TLS.

    Is it possible? below is the error

    192.168.xyz.zys uses an unsupported protocol.
    ERR_SSL_VERSION_OR_CIPHER_MISMATCH

    Unsupported protocol

    The client and server don't support a common SSL protocol version or cipher suite.
    Tags: None
    • #2
      L4D
      Veteran Member
      • Sep 2009
      • 3053
      Edit: sorry, you mentioned FF already.

      Kinda stuck with that if there are no updates I believe.
      I just had to replace some older equipment due to this.


      Firefox still allows you to drop TLS.
      RIP iTrader: Feedback Profile for L4D

        Comment

        • #3
          Robotron2k84
          Senior Member
          • Sep 2017
          • 2013
          You can also go about it the other way…

          Set up an stunnel proxy locally that will serve the device’s low-cypher connection with an upgraded cypher to other clients.

          It’s not that hard.

          If the NAS lets you add packages, see if there’s an stunnel package and let it run on the NAS box. That way you’ll get the cyphers you need without a proxy on another device.

            Comment

            • #4
              high_revs
              CGN/CGSSA Contributor
              CGN Contributor
              • Feb 2006
              • 7568
              thanks L4d and Robotron2k84. I figure my 3.5" drives are re-usable though i'll have to move all the data as I figure a new NAS format them all.

              i'm not sure if there is a stunnel proxy app/package. it's been out of support for a long time and there's been no firmware for 5-6 years or so (at least).

                Comment

                • #5
                  Robotron2k84
                  Senior Member
                  • Sep 2017
                  • 2013
                  The beauty is that you can run stunnel anywhere. One side connects to the port / IP of the NAS and is set to ignore the TLS level, and the other side is open for connections from your lan clients with the latest version of OpenSSL, and TLS 1.3.

                  It’s a network proxy, so run it on your PC and alias the NAS admin to localhost.

                    Comment

                    • #6
                      ocabj
                      Calguns Addict
                      • Oct 2005
                      • 7924
                      You don't need a package for stunnel. Just compile it.

                      Distinguished Rifleman #1924
                      NRA Certified Instructor (Rifle and Metallic Cartridge Reloading) and RSO
                      NRL22 Match Director at WEGC

                      https://www.ocabj.net

                        Comment

                        • #7
                          Robotron2k84
                          Senior Member
                          • Sep 2017
                          • 2013
                          Originally posted by ocabj
                          You don't need a package for stunnel. Just compile it.
                          Not everyone knows how to build software, and using buildroots for embedded systems is an even bigger lift for some. Stunnel.org offers common builds, for Windows and Mac, etc.

                          However, based on the fact that OpenSSL is probably out of date and why the ReadyNAS web server doesn’t support the newer TLS levels, means that stunnel compiled against the version on the NAS would likely encounter the same limitations.

                            Comment

                            • #8
                              high_revs
                              CGN/CGSSA Contributor
                              CGN Contributor
                              • Feb 2006
                              • 7568
                              yeah.. i'm not there to build it. not that i cannot; just not enough time or priority to do it. same as android upgrades - mainly just upgrade but not compiling.

                              wish i did... have to pick my battles and time.

                              FF it is for now. I do have a win10 machine and an old laptop on win10 also if need be. not that i use it a lot (the UI interface).

                                Comment

                                Previous template Next

                                Calguns.net Statistics

                                Collapse
                                Topics: 1,862,487   Posts: 25,094,297   Members: 355,415   Active Members: 4,602
                                Welcome to our newest member, scentedtrunk.

                                What's Going On

                                Collapse

                                There are currently 4351 users online. 46 members and 4305 guests.

                                Most users ever online was 239,041 at 11:39 PM on 02-14-2026.

                                Working...
                                UA-8071174-1